Wednesday, February 25, 2015

It's very easy to infect your browser with all kinds of malware. I'm sure that, at some point, everyone has experienced the problems caused by the useless toolbars in browsers. Remember the Delta toolbar, or the Conduit toolbar? They're often bundled with a free application, and you can even voluntarily download and install them!!! (don't try it).

Fortunately, Google has released a Beta version of their 'Software Removal Tool'. What this tool does is basically 'reset' your Google Chrome browser, leaving it clean of malware. Of course, this is just a Beta version of the tool, but I think it's a great idea that could be implemented for Firefox too. Now I'll show how to use this tool to remove some malware from my own Chrome browser. I infected it with the Conduit toolbar:

Now I'll use the Google Software Removal Tool. You can download it here. Just download it and place it somewhere you'll remember.

Now just run it. It will scan the computer looking for malware. Once it finishes, it will show the results. In my case:

Click 'Remove suspicious program'. After a few seconds, you'll see this:

Click Restart and the computer will reboot, and that's it. Simple, right? Of course, you cannot rely on this tool to fully protect your computer, but it's an easy-to-use tool to get rid of this kind of problem. The interesting thing is that the tool also helped with other browsers, like Internet Explorer 11. Give it a try, it won't disappoint you!

Monday, February 23, 2015

Privacy is one of the most controversial issues regarding the Internet today. Thus, the popularity of tools like Tor and I2P is increasing all the time. Another tool available now is Freenet, and it could be a good option if, for whatever reason, you need to protect your privacy. It's important to mention that this tool has been widely used in China and the Middle East, and it acquired more importance and academic relevance with the paper "Freenet: A Distributed Anonymous Information Storage and Retrieval System".

With that in mind, I'll show you now how to use Freenet in Linux (Ubuntu).

Requirements:

Java installed.

I first tried the Java Web Installer, but I got some errors. So, the steps for installing Freenet will be done with commands.

6. Select the folder where you'll install Freenet and click Next twice.

7. Once you reach the following screen, click Next three times:

8. Finally, click Done. A browser will be automatically opened with the Freenet configuration wizard.

Note: The configuration I'll choose will allow you to connect to any Freenet user. If you are concerned about security, you should choose a different configuration.

9. Click 'Choose low security'
10. Click Next
11. In the 'Datastore size' screen, select the Datastore size. It is recommended to set as much space as possible, but I'll just leave the default value. Then click Next.

If there are any other configuration screens, set them and click Next until the wizard finishes. OK, we have Freenet installed, but how do we 'browse' on Freenet? Simple: you need to obtain Freenet 'keys'. These are like URLs: you load one and you can see its content. For example, we have the following key, corresponding to the 'Bluish Coder' blog:

Wednesday, February 18, 2015

Well, not exactly. It's not an emulator of apt-get, but it is its equivalent for the Microsoft OS.

I always hear that installing things in Windows is easier, but that's not always the case. For example, installing things in Linux with apt-get is as easy as using the Apple App Store or Google Play: you have all the software you need centralized in a single place (from the user's point of view), and you just select it and everything will be downloaded, installed and configured. The only problem is that the Linux terminal is ugly and some inexperienced users are instantly scared, but once you get used to it, it's really easy and convenient. That's why some Linux users miss this feature on Windows. Well, here's a great tool that's just like apt-get or yum, but for Windows: Chocolatey. I'll show you how to use it with a practical example, from the installation of Chocolatey to the installation of an application.

Installation of Chocolatey:

1. Open a command-line console with administrative privileges. I'm using Windows 8.1, so:

As you can see, there are a lot of possibilities for this tool. For example, it can be used for silent installations from automated scripts. For now, I'll leave you with this example, and I'll write a lot more about this in the near future. Don't forget to visit the official Chocolatey page.
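As an added example that is not part of the original post, the following PowerShell script shows the kind of silent, scripted installation mentioned above. It assumes Chocolatey is already installed (which sets the $env:ChocolateyInstall variable); the package names are just sample choices.

```powershell
# Added example, not from the original post: unattended installation of a
# list of Chocolatey packages. Assumes Chocolatey is already installed,
# which sets $env:ChocolateyInstall. The package names are sample choices.
$packages = @('git', '7zip', 'notepadplusplus')

# Like apt-get, Chocolatey needs an elevated console to install software,
# so fail early instead of halfway through the list.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Error 'Run this script from an elevated (Administrator) console.'
    exit 1
}

foreach ($pkg in $packages) {
    # Every installed package gets a folder under <ChocolateyInstall>\lib\<name>,
    # so this check makes the script idempotent (safe to re-run).
    if (Test-Path (Join-Path $env:ChocolateyInstall "lib\$pkg")) {
        Write-Host "$pkg is already installed, skipping."
        continue
    }

    # -y answers every confirmation prompt so nothing blocks an automated run.
    choco install $pkg -y
    switch ($LASTEXITCODE) {
        0       { Write-Host "$pkg installed." }
        1641    { Write-Warning "$pkg installed; a reboot was initiated." }
        3010    { Write-Warning "$pkg installed; a reboot is required." }
        default {
            Write-Error "$pkg failed with exit code $LASTEXITCODE"
            exit $LASTEXITCODE
        }
    }
}
```

Exit codes 1641 and 3010 are the ones Chocolatey uses to signal that a package needs a reboot, so a scheduling script can handle them separately from real failures.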

Tuesday, February 17, 2015

We all know about the Flame malware attacking Middle East countries. It's one of the most complex and effective pieces of malware ever made and, according to certain sources, it was developed by the infamous NSA. Well, it looks like they're back in the game.

In a report recently released by the Russian security company Kaspersky (download the full report here), we can read that a new group called the 'Equation Group' has been developing and distributing extremely complex malware. I'm not kidding, these are the exact words used there to describe the group and its software:

The Equation group is a highly sophisticated threat actor that has been engaged in multiple CNE (computer network exploitation) operations dating back to 2001, and perhaps as early as 1996. The Equation group uses multiple malware platforms, some of which surpass the well-known “Regin” threat in complexity and sophistication. The Equation group is probably one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen.
The following is a list of the arsenal owned by the Equation group. The tools work together, depending on each other for certain actions, and some are "upgraded versions" of others:

EQUATIONDRUG – A very complex attack platform used by the group on its victims. It supports a module plugin system, which can be dynamically uploaded and unloaded by the attackers.

DOUBLEFANTASY – A validator-style Trojan, designed to confirm the target is the intended one. If the target is confirmed, they get upgraded to a more sophisticated platform such as EQUATIONDRUG or GRAYFISH.

EQUESTRE – Same as EQUATIONDRUG.

TRIPLEFANTASY – Full-featured backdoor sometimes used in tandem with GRAYFISH. Looks like an upgrade of DOUBLEFANTASY, and is possibly a more recent validator-style plugin.

GRAYFISH – The most sophisticated attack platform from the EQUATION group. It resides completely in the registry, relying on a bootkit to gain execution at OS startup.

FANNY – A computer worm created in 2008 and used to gather information about targets in the Middle East and Asia. Some victims appear to have been upgraded first to DoubleFantasy, and then to the EQUATIONDRUG system. Fanny used exploits for two zero-day vulnerabilities which were later discovered with Stuxnet.

EQUATIONLASER – An early implant from the EQUATION group, used around 2001-2004. Compatible with Windows 95/98, and created sometime between DOUBLEFANTASY and EQUATIONDRUG.

But this is not the most impressive achievement of the Equation group. I quote the report:

Although the implementation of their malware systems is incredibly complex, surpassing even Regin in sophistication, there is one aspect of the EQUATION group’s attack technologies that exceeds anything we have ever seen before. This is the ability to infect the hard drive firmware.
What does this mean? Basically, if you get infected, neither formatting the disk nor reinstalling the OS will help you get rid of the malware. Also, this malware is impossible to detect. Some specific brands of hard drives are affected, including Samsung, Maxtor and Toshiba.

But what is the reach of the infection? Here's a map provided in the document:

Although this is a huge hacking operation, you shouldn't be worried if you are an average citizen. But if you have a computer at work, chances are that you have been infected, and you'll never know it.

Monday, February 16, 2015

Debian is one of the most famous Linux distros. Its fame comes from its stability, robustness and low hardware requirements. The only thing is that it can be trickier to use than Ubuntu, so it's not the first choice for many beginners. However, this article will show you how to install it in a Virtual Machine, with some useful tips. Let's begin.

Requirements:

The Debian .iso files. There are various ways to install Debian. In this tutorial I'll use the Debian .iso files because I don't want to depend on an Internet connection that could fail at any moment. So, I downloaded the DVDs corresponding to the 64-bit architecture from here. There are many other options, but in most cases you'll need to download the DVDs corresponding to i386 or amd64, for 32-bit and 64-bit respectively.

Steps:

1. Open VMware Workstation.
2. Go to File>New Virtual Machine...

3. Select 'Custom' and click Next.
4. Click Next
5. Select 'I will install the operating system later'. Click Next.

6. Select Linux and Debian 7.x 64-bit.

7. Click Next.
8. Enter a name and a location for the Virtual Machine.
9. You can leave all the next options with the default value and click Next until you reach the last dialog. Then click Finish.

10. Power on the VM. When it boots up, select 'Graphical install' and press Enter.

11. Select the language and press Continue.
12. Select the location and press Continue.
13. Select the keyboard configuration and click Continue.
14. Enter a hostname. This identifies the machine on a network, so unless you are doing this on a particular network, you can leave the default name. Then click Continue.

15. Enter a domain name. In this case, it can be anything, so I'll enter 'testools.net'. Then click Continue.

16. Enter a password for the root user and click Continue.
17. Enter a name for the user that will be used for non-administrative activities. This is the real name for the user, so enter something like John Smith. Click Continue.
18. Select the name for the user account. This name should begin with a lower-case letter. For example, you could choose 'john'. Click Continue.

19. Enter a password for the new user account.
20. Select the time zone and click Continue.
21. In this case, I'll select 'Guided - use entire disk' as the partitioning method.

22. There's only one disk in this example, so select it and click Continue.
23. For the partition scheme I selected the first option (all files in a single partition). To learn more about which partition scheme to choose, read this. Click Continue three times and the installation will begin.

24. After all the contents of the first DVD have been read, a dialog will prompt you to scan another disc. Now go to VM>Settings>CD/DVD (IDE).
25. Browse and select the second Debian DVD. Then click OK.

26. A dialog warning about the lock on the CD will be displayed. Just click Yes.

27. Back in the VM, select Yes and click Continue. If it fails, open the VM settings again and check 'Connected' under 'Device Status' to get the .iso file connected.

28. After the second DVD has been scanned, select 'No' when asked to scan another DVD, and click Continue.
29. Now the wizard will prompt you to insert the first DVD again. Do it and click Continue.
30. In the popularity-contest configuration, select No.
31. In the software selection screen you can select additional software to install. I just installed the core components.

32. In the step to install GRUB, select Yes and click Continue.
33. After a moment, you'll see the following screen. It means that the installation is over! Click Continue.

Saturday, February 14, 2015

Sometimes it is really hard to work with all the calendars from different programs like Exchange, Google Calendar, SharePoint or SQL Server tables.

I have a lot of appointments in Google for some international meetings, other internal meetings are set up using SharePoint, and now, with the DBAs, we have an internal calendar using SQL Server.

In my case, I have several meetings during the day (I sometimes think that I only have meetings instead of working).

After some stressful months, my wife suggested that I create a tool to merge all the calendars into a single one. The idea was pretty good and I decided to try to do it at night.

I was trying to develop a solution using C#, but after 1 hour I decided to check on the web whether there was a free, or at least inexpensive, solution. I was 99% sure that Google would find a solution for me.

THE SOLUTION

After wasting my time with some other tools whose names I will not mention, I finally found this nice tool, which I found simple and interesting: